HPE Community
Operating System - HP-UX
1834130 Members
3144 Online
110064 Solutions
New Discussion

Re: Need to setup Ignite to archive client behind firewall.

 
jackie baron_1
Regular Advisor

‎01-21-2009 07:43 AM

‎01-21-2009 07:43 AM

Need to setup Ignite to archive client behind firewall.

My Ignite server is up and running and can archive and recover client systems on its segment.

I have another couple of clients behind a firewall that I also need the Ignite server to archive. Here's the scenario:

The Ignite server IP is 194.104.183.110
Its subnet mask is 255.255.255.0

The would-be client is 194.104.175.134
Its subnet mask is 255.255.255.192

They can't ping each other but the client can login to the server vi ssh or ftp.
The server can't get into the client at all.

What ports do I need to open up on the firewall in order to get these two machines able to Ignite archive and restore?

thanks

j
0 Kudos
Reply
4 REPLIES 4
Steven E. Protter
Exalted Contributor

‎01-21-2009 09:01 AM

‎01-21-2009 09:01 AM

Re: Need to setup Ignite to archive client behind firewall.

Shalom,

Ignite will work through a firewall, but it does compromise the firewall a bit.

All that is needed is for the ports that Ignite uses be open.

NFS and such.

http://docs.hp.com/en/5992-5309/ch04s03.html

That documents covers the services. Ports necessary can be referenced in /etc/services

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
sujit kumar singh
Honored Contributor

‎01-21-2009 03:58 PM

‎01-21-2009 03:58 PM

Re: Need to setup Ignite to archive client behind firewall.

hi

ignite shall be using in all possibilties the following protocols or services as u may call

tftp,nfs,bootp,instl_boots,

u have to make sure that these services are there in /etc/inedt.conf
tftp
bootps
instl_boots

and in /etc/services that refer to is

/etc/services

tftp 69/UDP
bootps 67/UDP
bootpc 68/UDP
instl_boots 1067/UDP
instl_bootc 1068/UDP


Regards
sujit
0 Kudos
Reply
jackie baron_1
Regular Advisor

‎01-22-2009 08:27 AM

‎01-22-2009 08:27 AM

Re: Need to setup Ignite to archive client behind firewall.

What about rcp/rlogin ??
Doesn't ignite need these to install the ignite software on the clients?

It seems that here the network/compliance people don't want to use tftp or remsh/rcp.

Is there a way of tightening it so that Ignite can use these services but more securely?

j
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎01-22-2009 08:31 AM

‎01-22-2009 08:31 AM

Re: Need to setup Ignite to archive client behind firewall.

To install Ignite through a firewall rcp needs to be open.

To be honest you should configure the firewall to at least limit the source IP address range you are opening up.

Ignite is not designed for use on the public Internet and opening up these ports does degrade security. But it can be done.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.